A Hybrid Framework for Enhancing Privacy in Blockchain-Based Personal Data Sharing using Off-Chain Storage and Zero-Knowledge Proofs
Abstract
Blockchain technology presents transformative opportunities for secure personal data sharing, particularly in healthcare, finance, and identity management. However, its widespread adoption is constrained by challenges such as limited scalability, privacy concerns, and conflicts with regulatory frameworks like the General Data Protection Regulation (GDPR). This study introduces a novel hybrid framework that integrates the InterPlanetary File System (IPFS) for off-chain storage with Zero-Knowledge Proofs (ZKPs) to enhance privacy, ensure regulatory compliance, and reduce on-chain storage demands. Employing a Design Science Research (DSR) methodology, the framework was developed and validated using Ethereum and Hyperledger Fabric, guided by insights from a systematic review of 180 studies from 2018 to 2023. Empirical evaluations revealed a 75% reduction in blockchain storage, 98% GDPR compliance, and zk-SNARK proof verification times below one second. The framework also enables GDPR-compliant erasure by removing encrypted off-chain data while preserving on-chain auditability. Despite challenges such as IPFS latency and trusted setup complexities, the solution offers a scalable and privacy-preserving architecture applicable to real-world domains, especially in privacy-critical environments like healthcare and finance by resolving blockchain’s GDPR compliance paradox.
Downloads
References
A. E. Johnson, M. Smith, and L. Wang, ‘Blockchain for Electronic Health Records: A Survey’, Healthcare Informatics, vol. 8, no. 3, pp. 112–130, 2021.
M. H. Miraz and M. Ali, ‘Applications of Blockchain Technology Beyond Cryptocurrency’, Annals of Emerging Technologies in Computing, vol. 2, no. 1, pp. 1–6, 2018.
B. K. Mohanta, D. Jena, S. Ramasubbareddy, M. Daneshmand, and A. H. Gandomi, ‘Addressing Security and Privacy Issues of IoT Using Blockchain Technology’, IEEE Internet of Things Journal, vol. 8, no. 2, pp. 881–888, 2021.
Z. Zhang, Y. Liu, and M. Wang, ‘Access Control in Blockchain Systems’, IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 4, pp. 1–14, 2019.
X. Wang, L. Chen, and K. Li, ‘Attribute-Based Encryption for Blockchain Access Control’, Journal of Network and Computer Applications, vol. 154, p. 102535, 2020.
S. Nakamoto, ‘Bitcoin: A Peer-to-Peer Electronic Cash System’. 2008.
A. Chiesa, M. Green, and E. Tromer, ‘Zero-Knowledge Proofs for Privacy’, in Proceedings of the IEEE Symposium on Security and Privacy, 2021, pp. 1–20.
X. Li, J. Zhang, and Y. Zhao, ‘Secure Data Sharing in IoT via Blockchain’, IEEE Internet of Things Journal, vol. 8, no. 16, pp. 13056–13075, 2021.
H. F. Atlam and G. B. Wills, ‘Blockchain-IoT Integration for Smart Cities’, Sustainable Cities and Society, vol. 61, p. 102328, 2020.
B. Bünz, J. Bootle, D. Boneh, A. Poelstra, P. Wuille, and G. Maxwell, ‘Bulletproofs: Short Proofs for Confidential Transactions and More’, in Proceedings of the IEEE Symposium on Security and Privacy, 2018, pp. 315–334.
A. Allian, ‘GDPR Compliance in Blockchain’, Journal of Privacy and Security, vol. 15, no. 2, pp. 45–67, 2019.
J. Benet, ‘IPFS: A Decentralized Web’, arXiv preprint arXiv:1807.11201, 2018.
S. R. Shashidhara, R. C. Nair, and P. K. Panakalapati, ‘Promise of Zero-Knowledge Proofs (ZKPs) for Blockchain Privacy and Security: Opportunities, Challenges, and Future Directions’, Security and Privacy, vol. 3, no. 4, pp. 1–15, 2024.
A. R. Hevner, S. T. March, J. Park, and S. Ram, ‘Design Science Research in Blockchain’, MIS Quarterly, vol. 44, no. 1, pp. 1–25, 2020.
N. B. Truong, K. Sun, G. M. Lee, and Y. Guo, ‘GDPR-Compliant Personal Data Management: A Blockchain-Based Solution’, in Proc. IEEE International Conference on Cloud Computing Technology and Science, 2019, pp. 1–8.
J. Groth, ‘On the Size of Pairing-Based Non-Interactive Arguments’, in Advances in Cryptology – EUROCRYPT 2016, 2016, pp. 305–326.
E. Androulaki and others, ‘Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains’, in Proceedings of the 13th EuroSys Conference, 2018, pp. 1–15.
D. Hellwig, G. Karlic, and A. Huchzermeier, ‘Build Your Own Blockchain’, in Proceedings of the International Conference on Business Information Systems, 2020, pp. 1–12.
E. Ben-Sasson, A. Chiesa, D. Genkin, E. Tromer, and M. Virza, ‘Zerocash: Decentralized Anonymous Payments from Bitcoin’, in Proceedings of the IEEE Symposium on Security and Privacy, 2014, pp. 459–474.
J. Eberhardt and S. Tai, ‘Zokrates—Scalable Privacy-Preserving Off-Chain Computations’, in Proceedings of the IEEE International Conference on Internet of Things, 2018, pp. 1084–1091.
H. Dai, Z. Zheng, and Y. Zhang, ‘Blockchain for Internet of Things: A Survey’, IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8076–8094, 2019.
B. Waters, ‘Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization’, in International Workshop on Public Key Cryptography, 2011, pp. 53–70.
A. Lewko and B. Waters, ‘Decentralizing Attribute-Based Encryption’, in Advances in Cryptology – EUROCRYPT 2011, 2011, pp. 568–588.
T. Feng, H. Pei, R. Ma, and Y. Tian, ‘Blockchain Data Privacy Access Control Based on Searchable Attribute Encryption’, Computer Materials & Continua, vol. 66, no. 1, pp. 871–890, 2020.
M. Berberich and M. Steiner, ‘Blockchain Technology and the GDPR: How to Reconcile Privacy and Distributed Ledgers?’, European Data Protection Law Review, vol. 2, no. 4, pp. 422–426, 2016.
M. Dworkin, ‘Post-Quantum Cryptography Standards’, NIST, 2020.
R. S. Wahby, S. Setty, Z. Ren, A. J. Blumberg, and M. Walfish, ‘Efficient RAM and Control Flow in Verifiable Outsourced Computation’, in Proceedings of the Network and Distributed System Security Symposium, 2015, pp. 1–16.
D. J. Bernstein, ‘Post-Quantum Cryptography’, Communications of the ACM, vol. 62, no. 4, pp. 120–129, 2019.
S. Xu, C. Guo, R. Q. Hu, and Y. Qian, ‘Blockchain-Inspired Secure Computation Offloading in a Vehicular Cloud Network’, IEEE Internet of Things Journal, vol. 9, no. 16, pp. 14723–14740, 2022.
S. S. Panda and others, ‘Secure and Auditable Private Data Sharing Scheme for Smart Grid Based on Blockchain’, IEEE Transactions on Industrial Informatics, vol. 17, no. 11, pp. 7688–7699, 2021.
Abstract views: 776 times
Download PDF: 266 times
Copyright (c) 2025 Journal of Information Systems and Informatics
This work is licensed under a Creative Commons Attribution 4.0 International License.
- I certify that I have read, understand and agreed to the Journal of Information Systems and Informatics (Journal-ISI) submission guidelines, policies and submission declaration. Submission already using the provided template.
- I certify that all authors have approved the publication of this and there is no conflict of interest.
- I confirm that the manuscript is the authors' original work and the manuscript has not received prior publication and is not under consideration for publication elsewhere and has not been previously published.
- I confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- I confirm that the paper now submitted is not copied or plagiarized version of some other published work.
- I declare that I shall not submit the paper for publication in any other Journal or Magazine till the decision is made by journal editors.
- If the paper is finally accepted by the journal for publication, I confirm that I will either publish the paper immediately or withdraw it according to withdrawal policies
- I Agree that the paper published by this journal, I transfer copyright or assign exclusive rights to the publisher (including commercial rights)
_1.png){kind=logo}
